azurermIotSecuritySolution
Manages an iot security solution.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*The constructs below belong inside a TerraformStack (or another Construct), where `this` is the scope.
Property names are camelCase, as listed in the Argument Reference.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermIothubExample = new azurerm.iothub.Iothub(this, "example_1", {
  location: azurermResourceGroupExample.location,
  name: "example-IoTHub",
  resourceGroupName: azurermResourceGroupExample.name,
  /*sku is a single block, and capacity is a number.*/
  sku: {
    capacity: 1,
    name: "S1",
  },
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermIothubExample.overrideLogicalId("example");
const azurermIotSecuritySolutionExample =
  new azurerm.iotSecuritySolution.IotSecuritySolution(this, "example_2", {
    displayName: "Iot Security Solution",
    iothubIds: [azurermIothubExample.id],
    location: azurermResourceGroupExample.location,
    name: "example-Iot-Security-Solution",
    resourceGroupName: azurermResourceGroupExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermIotSecuritySolutionExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
- name - (Required) Specifies the name of the Iot Security Solution. Changing this forces a new resource to be created.
- resourceGroupName - (Required) Specifies the name of the resource group in which to create the Iot Security Solution. Changing this forces a new resource to be created.
- location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- displayName - (Required) Specifies the Display Name for this Iot Security Solution.
- iothubIds - (Required) Specifies the IoT Hub resource IDs to which this Iot Security Solution is applied.
- additionalWorkspace - (Optional) An additionalWorkspace block as defined below.
- disabledDataSources - (Optional) A list of disabled data sources for the Iot Security Solution. Possible value is twinData.
- enabled - (Optional) Is the Iot Security Solution enabled? Defaults to true.
- eventsToExport - (Optional) A list of data which is to be exported to the analytic workspace. Valid values include rawEvents.
- logAnalyticsWorkspaceId - (Optional) Specifies the Log Analytics Workspace ID to which the security data will be sent.
- logUnmaskedIpsEnabled - (Optional) Should IP addresses be unmasked in the log? Defaults to false.
- recommendationsEnabled - (Optional) A recommendationsEnabled block of options to enable or disable as defined below.
- queryForResources - (Optional) An Azure Resource Graph query used to set the resources monitored.
- querySubscriptionIds - (Optional) A list of subscription IDs on which the user-defined resources query should be executed.
- tags - (Optional) A mapping of tags to assign to the resource.
The additionalWorkspace block supports the following:
- dataTypes - (Required) A list of data types which are sent to the workspace. Possible values are alerts and rawEvents.
- workspaceId - (Required) The resource ID of the Log Analytics Workspace.
A recommendationsEnabled block supports the following:
- acrAuthentication - (Optional) Is Principal Authentication enabled for the ACR repository? Defaults to true.
- agentSendUnutilizedMsg - (Optional) Is Agent send underutilized messages enabled? Defaults to true.
- baseline - (Optional) Are security-related system configuration issues identified? Defaults to true.
- edgeHubMemOptimize - (Optional) Is IoT Edge Hub memory optimized? Defaults to true.
- edgeLoggingOption - (Optional) Is logging configured for the IoT Edge module? Defaults to true.
- inconsistentModuleSettings - (Optional) Is inconsistent module settings enabled for SecurityGroup? Defaults to true.
- installAgent - (Optional) Is the Azure IoT Security agent installed? Defaults to true.
- ipFilterDenyAll - (Optional) Is Default IP filter policy denied? Defaults to true.
- ipFilterPermissiveRule - (Optional) Is the IP filter rule source allowable IP range too large? Defaults to true.
- openPorts - (Optional) Are any ports open on the device? Defaults to true.
- permissiveFirewallPolicy - (Optional) Does a firewall policy exist which allows necessary communication to/from the device? Defaults to true.
- permissiveInputFirewallRules - (Optional) Are only necessary addresses or ports permitted in? Defaults to true.
- permissiveOutputFirewallRules - (Optional) Are only necessary addresses or ports permitted out? Defaults to true.
- privilegedDockerOptions - (Optional) Are high-level permissions needed for the module? Defaults to true.
- sharedCredentials - (Optional) Are any credentials shared among devices? Defaults to true.
- vulnerableTlsCipherSuite - (Optional) Does the TLS cipher suite need to be updated? Defaults to true.
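A pre-synth review check for these arguments, as an added example that is not part of the provider documentation: it reports list values this page does not document and settings that depart from the documented defaults. The field names come from the Argument Reference; the SolutionProps type, the reviewSolution function and the sample values are hypothetical and constructed for illustration.

```typescript
// Added example. Field names come from the Argument Reference above; the
// type, function and sample values are hypothetical/constructed.
interface SolutionProps {
  enabled?: boolean;
  logUnmaskedIpsEnabled?: boolean;
  disabledDataSources?: string[];
  eventsToExport?: string[];
  additionalWorkspace?: { dataTypes: string[]; workspaceId: string }[];
  recommendationsEnabled?: { [option: string]: boolean };
}

// Values this page documents for each list-valued argument.
const DOCUMENTED: { [field: string]: string[] } = {
  disabledDataSources: ["twinData"],
  eventsToExport: ["rawEvents"],
  "additionalWorkspace.dataTypes": ["alerts", "rawEvents"],
};

function reviewSolution(p: SolutionProps): string[] {
  const findings: string[] = [];
  const checkValues = (field: string, values: string[] = []): void => {
    for (const v of values) {
      if (DOCUMENTED[field].indexOf(v) === -1) findings.push(`${field}: "${v}" is not a documented value`);
    }
  };
  checkValues("disabledDataSources", p.disabledDataSources);
  checkValues("eventsToExport", p.eventsToExport);
  for (const ws of p.additionalWorkspace || []) {
    checkValues("additionalWorkspace.dataTypes", ws.dataTypes);
  }
  // Settings that depart from the documented defaults.
  if (p.enabled === false) findings.push("enabled: solution is switched off");
  if (p.logUnmaskedIpsEnabled === true) findings.push("logUnmaskedIpsEnabled: IP addresses are logged unmasked");
  if ((p.disabledDataSources || []).indexOf("twinData") !== -1) findings.push("disabledDataSources: twinData is not collected");
  const rec = p.recommendationsEnabled || {};
  for (const option of Object.keys(rec)) {
    if (rec[option] === false) findings.push(`recommendationsEnabled.${option}: turned off (default is true)`);
  }
  return findings;
}

// Constructed sample input: one relaxed configuration, one that keeps the defaults.
const relaxed: SolutionProps = {
  logUnmaskedIpsEnabled: true,
  eventsToExport: ["rawEvent"], // typo of the documented "rawEvents"
  recommendationsEnabled: { openPorts: false, sharedCredentials: true },
};
const defaults: SolutionProps = { eventsToExport: ["rawEvents"] };
console.log(reviewSolution(relaxed), reviewSolution(defaults));
```

Run the check on the same object that is passed to IotSecuritySolution, and treat a non-empty result as something to confirm in review before cdktf deploy.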
Attributes Reference
In addition to all arguments above, the following attributes are exported:
- id - The ID of the Iot Security Solution resource.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the Iot Security Solution.
- update - (Defaults to 30 minutes) Used when updating the Iot Security Solution.
- read - (Defaults to 5 minutes) Used when retrieving the Iot Security Solution.
- delete - (Defaults to 30 minutes) Used when deleting the Iot Security Solution.
Import
Iot Security Solution can be imported using the resourceId, e.g.